CVE-2025-48378 – DNN XSS Through SVG Upload

May 23, 2025

CVE ID : CVE-2025-48378

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2023-34873 – MOBOTIX Camera Remote Code Execution Vulnerability

Next Article CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

WWE 2K25 is getting a new story starring Bray Wyatt that will “get people emotional” — but not for PC or last-gen console players

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

CVE-2025-48378 – DNN XSS Through SVG Upload

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Xbox’s Age of Empires 2: Definitive Edition is getting The Three Kingdoms DLC, bringing new units, campaigns, and more

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

CVE-2025-45846 – ALFA AIP-W512 Stack Overflow Vulnerability

12 Best Free and Open Source Food and Drink Software

Real-time Iceberg ingestion with AWS DMS

CVE-2025-45388 – Wagtail CMS Stored XSS

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

CVE-2025-5579 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

CVE-2025-48378 – DNN XSS Through SVG Upload

Related Posts